Python wrapper for https://deps.dev/ API

Project description

depsdev

Overview

Thin Python wrapper (async-first) around the public deps.dev REST API plus an optional Typer-based CLI. Provides straightforward methods mapping closely to the documented endpoints; responses are returned as decoded JSON (dict / list). Alpha endpoints can be enabled via DEPSDEV_V3_ALPHA=true and may change without notice.

Installation

pip install depsdev            # library only
pipx install depsdev[cli]       # CLI
uv tool install depsdev[cli]       # CLI

CLI Usage

[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ]
$ depsdev --help

 Usage: depsdev [OPTIONS] COMMAND [ARGS]...

╭─ Options ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ --install-completion        [bash|zsh|fish|powershell|pwsh]  Install completion for the specified shell.                                        │
│ --show-completion           [bash|zsh|fish|powershell|pwsh]  Show completion for the specified shell, to copy it or customize the installation. │
│ --help                                                       Show this message and exit.                                                        │
╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Commands ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ report   Show vulnerabilities for packages in a file.                                                                                           │
│ api      A CLI tool to interact with the https://docs.deps.dev/api/                                                                             │
╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Utils ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ purl     Extract package URLs from various formats.                                                                                             │
│ vuln     Main function to analyze packages for vulnerabilities.                                                                                 │
╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯

Report mode

Parses a dependency file and reports each vulnerability along with the version in which it was fixed.

[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ]
$ depsdev report --help

 Usage: depsdev report [OPTIONS] FILENAME

 Show vulnerabilities for packages in a file.

 Example usage:
 depsdev report requirements.txt
 depsdev report pom.xml
 depsdev report Pipfile.lock

╭─ Arguments ────────────────────────────────────────────────╮
│ *    filename      TEXT  [required]                        │
╰────────────────────────────────────────────────────────────╯
╭─ Options ──────────────────────────────────────────────────╮
│ --help          Show this message and exit.                │
╰────────────────────────────────────────────────────────────╯

[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ]
$ uv export > requirements.txt
Resolved 34 packages in 6ms

[flavio@Mac ~/dev/github.com/FlavioAmurrioCS/depsdev][main ]
$ depsdev report requirements.txt
Analysing 10 packages...
Found 1 packages with advisories.
                                                                                      pkg:pypi/idna@3.6
┏━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Id                   Summary                                                                                                                             Fixed                          ┃
┡━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ GHSA-jjg7-2v4v-x38h  Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode  3.7                            │
│ PYSEC-2024-60                                                                                                                                            1d365e17e10d72d0b7876316fc7b9… │
└─────────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────────────────────────────┘
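
Added example, not code from the depsdev project: an offline sketch of the steps report mode describes, turning a `uv export`-style requirements file into package URLs and deps.dev v3 version-lookup URLs, then reading advisory ids out of a response. The helper names, the parsing rules and both sample inputs are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import quote

API = "https://api.deps.dev/v3"  # public deps.dev REST API base

# Constructed sample in the shape `uv export` writes: a hash on a continuation
# line, an environment marker, an editable install and an unpinned entry.
SAMPLE_REQUIREMENTS = """\
# This file was autogenerated by uv
-e .
idna==3.6 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
Typing_Extensions==4.12.2 ; python_full_version < '3.11'
requests>=2.0
"""

# Constructed GetVersion response, trimmed to the fields used here.
SAMPLE_VERSION_JSON = json.dumps({
    "versionKey": {"system": "PYPI", "name": "idna", "version": "3.6"},
    "advisoryKeys": [{"id": "GHSA-jjg7-2v4v-x38h"}],
})

PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*([^\s;\\]+)")


def pinned_packages(text):
    """Return (name, version) for every exactly pinned requirement."""
    joined = text.replace("\\\n", " ")  # fold backslash continuations
    pins = []
    for line in joined.splitlines():
        m = PIN.match(line.strip())
        if m:  # comments, options (-e, --hash) and unpinned specs are skipped
            name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 form
            pins.append((name, m.group(2)))
    return pins


def to_purl(name, version):
    return f"pkg:pypi/{name}@{version}"


def version_url(name, version):
    """deps.dev v3 version lookup; path segments are percent-encoded."""
    name, version = quote(name, safe=""), quote(version, safe="")
    return f"{API}/systems/pypi/packages/{name}/versions/{version}"


def advisory_ids(version_json):
    return [k["id"] for k in json.loads(version_json).get("advisoryKeys", [])]
```

Entries without an exact `==` pin are dropped because the version lookup needs a concrete version, so a file that is not fully pinned is only partially covered by this sketch.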

License

depsdev is distributed under the terms of the MIT license.

Download files

Source Distribution

depsdev-0.0.5.tar.gz (18.4 kB)

Uploaded Source

Built Distribution

depsdev-0.0.5-py3-none-any.whl (18.0 kB)

Uploaded Python 3

File details

Details for the file depsdev-0.0.5.tar.gz.

File metadata

  • Download URL: depsdev-0.0.5.tar.gz
  • Upload date:
  • Size: 18.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for depsdev-0.0.5.tar.gz
Algorithm Hash digest
SHA256 9bee161670b2a61c9b3a4a1c6a551168ebcbafb213bd7a22dd5f759d4cd99c36
MD5 7cd6bb40c18976eba13a8abcaf959b50
BLAKE2b-256 2fc0ec3953cf2d46f6a5720ff876333fd8de70296dfd4a5ea8f179df82e0ed28

Provenance

The following attestation bundles were made for depsdev-0.0.5.tar.gz:

Publisher: main.yaml on FlavioAmurrioCS/depsdev

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file depsdev-0.0.5-py3-none-any.whl.

File metadata

  • Download URL: depsdev-0.0.5-py3-none-any.whl
  • Upload date:
  • Size: 18.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for depsdev-0.0.5-py3-none-any.whl
Algorithm Hash digest
SHA256 ea05fb832247383fff472116188ddd3e416b9fffe57686dd2d3e1ec1d2533a12
MD5 58036042a53cebf70e169b4733a6fb25
BLAKE2b-256 c49dbd8e1d7bb3281b3a6891509c4b47b2ab428389121ac8f96f2897d5d3ece3

Provenance

The following attestation bundles were made for depsdev-0.0.5-py3-none-any.whl:

Publisher: main.yaml on FlavioAmurrioCS/depsdev

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.